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REAL PARTY IN INTEREST 

The present application was assigned to Hewlett-Packard Company as 
indicated by an assignment from the inventor recorded on April 15, 2002 in the 
Assignment Records of the United States Patent and Trademark Office at Reel 
012824, Frame 0138. The present application was subsequently assigned to Hewlett- 
Packard Development Company, L.P. as indicated by an assignment from Hewlett- 
Packard Company recorded on September 30, 2003 in the Assignment Records of the 
United States Patent and Trademark Office at Reel 014061, Frame 0492. 

RELATED APPEALS AND INTERFERENCES 

There are no known appeals or interferences that will directly affect or be 
directly affected by or have a bearing on the Board's decision in this pending appeal. 

STATUS OF CLAIMS 

Claims 1-25 stand rejected pursuant to a Final Office Action mailed June 13, 
2005. Claims 1-25 are presented for appeal. 

STATUS OF AMENDMENTS 

No amendment has been filed subsequent to the mailing of the Final Office 

Action. 

SUMMARY OF CLAIMED SUBJECT MATTER 

Embodiments of the present invention as defined by independent Claim 1 are 
directed toward a method for installing an application (120) in a trusted operating 
system (100) comprising enabling selection of an application (120) from one or more 
applications (120), enabling dragging of a graphical representation of the selected 
application (120) towards a graphical representation of a compartment (140, 141, 142, 
143, 144, 145, 146, 147) of the trusted operating system (100), enabling dropping of 
the graphical representation of the application (120) on the graphical representation of 
the compartment (140, 141, 142, 143, 144, 145, 146, 147) and automatically installing 
the selected application (120) in the selected compartment (140, 141, 142, 143, 144, 
145, 146, 147) in response to the dropping of the graphical representation of the 
selected application (120). (at least at page 3, lines 19-32; page 5, lines 20-32; page 6, 
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lines 12-22; page 7, lines 1-31; page 8, lines 1-20; page 9, lines 1-8 and 22-31; page 
10, lines 1-23; and figures 1, 2A-2D and 3). 

Embodiments of the present invention as defined by independent Claim 12 are 
directed toward a method for installing an application (120) in a compartment-based 
trusted operating system (100) comprising displaying a graphical representation of a 
plurality of compartments (140, 141, 142, 143, 144, 145, 146, 147) of the trusted 
operating system (100), enabling dragging of a graphical representation of the 
application (120) towards a graphical representation of a compartment (140, 141, 142, 
143, 144, 145, 146, 147) of the plurality of compartments(140, 141, 142, 143, 144, 
145, 146, 147), enabling dropping of the graphical representation of the application 
(120) on the graphical representation of the compartment (140, 141, 142, 143, 144, 
145, 146, 147) and automatically installing the application (120) in the selected 
compartment (140, 141, 142, 143, 144, 145, 146, 147) in response to the dropping of 
the graphical representation of the compartment (140, 141, 142, 143, 144, 145, 146, 
147). (at least at page 3, lines 19-32; page 5, lines 20-32; page 6, lines 12-22; page 7, 
lines 1-31; page 8, lines 1-20; page 9, lines 1-8 and 22-31; page 10, lines 1-23; and 
figures 1, 2A-2D and 3). 

Embodiments of the present invention as defined by independent Claim 17 are 
directed toward a graphical software installation tool (102) for installing an 
application (120) in a trusted operating system (100) comprising a graphical user 
interface (110) comprising a display portion (116) displaying at least one 
compartment (140, 141, 142, 143, 144, 145, 146, 147) of the trusted operating system 
(100) and an application portion (114) comprising a graphical representation of at 
least one application (120), the graphical representation of the at least one application 
(120) operable to be dragged from the application portion (114) to the display portion 
(116), wherein dropping of the graphical representation of the at least one application 
(120) on a graphical representation of the at least one compartment (140, 141, 142, 
143, 144, 145, 146, 147) causes automatic installation of the application (120) in the 
compartment (140, 141, 142, 143, 144, 145, 146, 147). (at least at page 3, lines 19-32; 
page 5, lines 20-32; page 6, lines 12-22; page 7, lines 1-31; page 8, lines 1-20; page 9, 
lines 1-8 and 22-31; page 10, lines 1-23; and figures 1, 2A-2D and 3). 
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Embodiments of the present invention as defined by independent Claim 22 are 
directed toward a method for installing an application (120) in a trusted operating 
system (100) comprising enabling selection of an application (120) from one or more 
applications (120), enabling association of the selected application (120) with a 
compartment (140, 141, 142, 143, 144, 145, 146, 147) of the trusted operating system 
(100) and automatically installing the selected application (120) in the selected 
compartment (140, 141, 142, 143, 144, 145, 146, 147) in response to the association 
of the selected application (120) with the selected compartment (140, 141, 142, 143, 
144, 145, 146, 147). (at least at page 3, lines 19-32; page 5, lines 20-32; page 6, lines 
12-22; page 7, lines 1-31; page 8, lines 1-20; page 9, lines 1-8 and 22-31; page 10, 
lines 1-23; and figures 1, 2A-2D and 3). 

GROUNDS OF REJECTION TO BE REVIEWED ON APPEAL 

1. Claims 1-3, 6-7, 9-19, and 21-24 were rejected under 35 U.S.C. § 
102(e) as being anticipated by U.S. Patent No. 6,687,745 issued to Franco et al. 
(hereinafter "Franco"). 

2. Claims 4-5, 20 and 25 were rejected under 35 U.S.C. § 103(a) as being 
unpatentable over Franco in view of U.S. Patent No. 6,550,061 issued to Bearden et 
al (hereinafter Bearden). 

3. Claim 8 was rejected under 35 U.S.C. § 103(a) as being unpatentable 
over Franco in view of U.S. Patent No. 6,795,963 issued to Andersen et al. 
(hereinafter "Andersen'"). 
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ARGUMENT 

A. Standard 

1. 35 U.S.C. § 102 

Under 35 U.S.C. § 102, a claim is anticipated only if each and every element 
as set forth in the claim is found in a single prior art reference. Verdegaal Bros. v. 
Union Oil Co. of California, 2 U.S.P.Q.2d 1051 (Fed. Cir. 1987); M.P.E.P. § 2131. In 
addition, "[t]he identical invention must be shown in as complete detail as is 
contained in the . . . claims" and "[t]he elements must be arranged as required by the 
claim." Richardson v. Suzuki Motor Co., 9 U.S.P.Q.2d 1913, 1920 (Fed. Cir. 1989); 
In re Bond, 15 U.S.P.Q.2d 1566 (Fed. Cir. 1990); M.P.E.P. § 2131. 

2. 35 U.S.C. § 103 

To establish a prima facie case of obviousness under 35 U.S.C. § 103, three 
basic criteria must be met: First, there must be some suggestion or motivation, either 
in the references themselves or in the knowledge generally available to one of 
ordinary skill in the art, to modify the reference or to combine reference teachings; 
second, there must be a reasonable expectation of success; and finally, the prior art 
reference (or references when combined) must teach or suggest all the claim 
limitations. In re Vaeck, 947 F.2d 488, (Fed. Cir. 1991); M.P.E.P. § 2143. The 
teaching or suggestion to make the claimed combination and the reasonable 
expectation of success must both be found in the prior art, and not based on 
applicant's disclosure. Id. Further, the mere fact that references can be combined or 
modified does not render the resultant combination obvious unless the prior art also 
suggests the desirability of the combination. In re Mills, 916 F.2d 680 (Fed. Cir. 
1990); M.P.E.P. § 2143.01. Additionally, not only must there be a suggestion to 
combine the functional or operational aspects of the combined references, but also the 
prior art is required to suggest both the combination of elements and the structure 
resulting from the combination. Stiftung v. Renishw PLC, 945 F.2d 1173, 1183 (Fed. 
Cir. 1991). Moreover, where there is no apparent disadvantage present in a particular 
prior art reference, then generally there can be no motivation to combine the teaching 
of another reference with the particular prior art reference. Winner Int'l Royalty 
Corp. v. Wang, 202 F.3d 1340, 1349 (Fed. Cir. 2000). 
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B. 35 U.S.C § 102 Rejections 

1. Claims 1-3, 6-7 and 9-19 and 21 

Claims 1-3, 6-7 and 9-19 and 21 were rejected under 35 U.S.C. § 102(e) as 
being anticipated by Franco. Of these claims, Claims 1, 12 and 17 are independent. 
Applicants respectfully submit that each independent claim is patentable over the 
Franco reference, and thus remaining Claims 2, 3, 6, 7, 9-11, 13-16, 18, 19 and 21 
which depend from their respective independent claims, are also patentable. 

Embodiments of the present invention generally involve a system and method 
for installing an application (120) in a trusted operating system (100). For example, 
according to one embodiment of Applicants' invention, the trusted operating system 
(100) comprises separate compartments (140, 141, 142, 143, 144, 145, 146, 147) 
where communications are controlled between the different compartments (140, 141, 
142, 143, 144, 145, 146, 147) such that by installing applications (120) in the separate 
compartments (140, 141, 142, 143, 144, 145, 146, 147), containment provided by the 
compartments (140, 141, 142, 143, 144, 145, 146, 147) reduces an application's (120) 
exposure to attack and/or limits the damage in the event of an attack (at least at page 
3, lines 19-30; page 5, lines 20-32; and figures 1 and 2A-2D). In some embodiments 
of Applicants' invention, a graphical software installation tool (102) having a 
graphical user interface (110) is used to associate a particular application (120) with a 
selected compartment (140, 141, 142, 143, 144, 145, 146, 147) such that as a result of 
such association, the tool (102) automatically performs various tasks to automatically 
install the application (120) into the selected compartment (140, 141, 142, 143, 144, 
145, 146, 147) (at least at page 6, lines 12-22; page 7, lines 1-16; page 8, lines 3-20; 
and figures 1, 2A-2D and 3). For example, in one embodiment of Applicants' 
invention, an application (120) is automatically installed into a selected compartment 
(140, 141, 142, 143, 144, 145, 146, 147) as a result of a user selecting the application 
(120) from a pull down menu associated with a control area (112) of the interface 
(110) and selecting a desired compartment (140, 141, 142, 143, 144, 145, 146, 147) 
for the application (120) from another pull down menu associated with a control area 
(112) of the interface (110) (at least at page 7, lines 1-7; page 10, lines 1-7; and 
figures 1, 2A-2D and 3). In another embodiment of Applicants' invention, an 
application (120) is automatically installed into a selected compartment (140, 141, 
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142, 143, 144, 145, 146, 147) as a result of a user selecting a graphical representation 
of the application (120) displayed in an application area (114) of the interface (110) 
and dragging and dropping the graphical representation of the application (120) onto a 
graphical representation of the compartment (140, 141, 142, 143, 144, 145, 146, 147) 
displayed in a display area (116) of the interface (110) (at least at page 7, lines 1-7; 
page 8, lines 3-14; page 9, lines 22-31; and figures 1, 2A-2D and 3). Accordingly, for 
example, independent Claim 1 recites "enabling selection of an application from one 
or more applications," "enabling dragging of a graphical representation of said 
selected application towards a graphical representation of a compartment of said 
trusted operating system," "enabling dropping of said graphical representation of said 
application on said graphical representation of said compartment" and "automatically 
installing said selected application in said selected compartment in response to said 
dropping of said graphical representation of said selected application." 

In the Final Office Action, the Examiner refers to column 5, lines 10-17, 
column 19, line 64, to column 20, line 14, column 6, lines 25-30 and 65-67, and 
column 8, lines 42-46 and 57-67, of Franco as purportedly disclosing a system 
enabling dragging of a graphical representation of a selected application towards, and 
dropping that graphical representation on, a graphical representation of a 
compartment of a trusted operating system (Office Action, pages 3 and 4). Applicants 
respectfully disagree. Franco appears to disclose a system for storing an interactive 
link on a client computer to a remote resource (Franco, abstract, column 5, lines 10- 
17). Franco also appears to disclose that the link to the remote resource may 
comprise a graphical element or representation, such as on a desktop, such that a user 
may select the element to initiate communications with the remote resource (Franco, 
column 20, lines 1-15). However, Franco does not disclose or even suggest "a 
graphical representation of a compartment of a trusted operating system " (emphasis 
added) as recited by Claim 1, nor does the Examiner explicitly identify any such 
disclosure in Franco. 

In support of the Examiner's position that Franco purportedly discloses "a 
trusted operating system" having "compartments]" as recited by Claim 1, the 
Examiner appears to refer to the "droplets" of Franco (Final Office Action, page 3). 
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In this regard, Franco recites: 

Initially, droplets™ 64 execute as the informational 
content 36 containing the links 62 and droplets™ 64, 
e.g., the document 60 containing the link 68 and the 
droplet 70, is delivered to the client computer 20. That 
is, the droplet 70 executes and notifies the droplet 
presentation client 25 that it has been loaded to the 
client computer 20. Next, the droplet 70 cooperates 
with the droplet presentation client 25 and the operating 
system software 80 of the client computer 20 to 
establish the communication connection 54 to the 
application server 40. 

(Franco, column 8, lines 37-46). Franco also recites: 

In accordance with the present invention, droplets™ 
(e.g., the droplets 64 and 70) are dynamic and "thin" 
applications. That is, the droplets™ generally include 
information identifying the operating environment on 
the client computer 20, the application server 40 to 
connect with and an application on the server 40 that is 
run to deliver the requested functionality to the client 
computer 20 once the connection is made. 

(Franco, column 8, lines 56-63). Thus, the Examiner appears to indicate that because 
the droplets of Franco have some information about the "operating environment" of 
the client computer 20 of Franco and/or otherwise cooperate with "operating system 
software" on the client computer 20 of Franco, such "operating environment" is 
necessarily a "trusted operating system" having "compartment[s]" as recited by Claim 
1. Applicants respectfully disagree. The mere recitation in Franco referred to by the 
Examiner of an "operating environment" and "operating system software" on the 
client of Franco, without more, does not rise to the level of a "trusted operating 
system" having "compartment[s]" as recited by Claim 1. To the contrary, Franco 
does not appear to disclose or even suggest any type of compartment-based 
communication control for establishing a "trusted operating system." Therefore, for 
at least these reasons, Applicants respectfully submit that Franco does not anticipate 
Claim 1. 
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Independent Claim 12 recites "displaying a graphical representation of a 
plurality of compartments of said trusted operating system /' "enabling dragging of a 
graphical representation of said application towards a graphical representation of a 
compartment of said plurality of compartments," "enabling dropping of said graphical 
representation of said application on said graphical representation of said 
compartment" and " automatically installing said application in said selected 
compartment ("of the trusted operating system] in response to said dropping of said 
graphical representation of said compartment" (emphasis added), and independent 
Claim 17 recites "a graphical user interface" comprising "a display portion displaying 
at least one compartment of said trusted operating system " and "an application portion 
comprising a graphical representation of at least one application, said graphical 
representation of said at least one application operable to be dragged from said 
application portion to said display portion, wherein dropping of said graphical 
representation of said at least one application on a graphical representation of said at 
least one compartment causes automatic installation of said application in said 
compartment [of the trusted operating system] " (emphasis added). At least for the 
reasons discussed above in connection with independent Claim 1, Applicants 
respectfully submit that Franco does not anticipate Claims 12 and 17. 

Accordingly, for at least the reasons discussed above, independent Claims 1, 
12 and 17 are clearly patentable over Franco. Therefore, Claims 1, 12 and 17, and 
Claims 2, 3, 6, 7, 9-11, 13-16, 18, 19 and 21 that depend respectively therefrom, are in 
condition for allowance. 

2. Claims 22-24 

Claims 22-24 were rejected under 35 U.S.C. § 102(e) as being anticipated by 
Franco. Of these claims, Claim 22 is independent. Applicants respectfully submit 
that independent Claim 22 is patentable over the Franco reference, and thus 
remaining Claims 23 and 24 which depend from independent Claim 22 are also 
patentable. 

Independent Claim 22 recites "enabling selection of an application from one 
or more applications," "enabling association of said selected application with a 
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compartment of the trusted operating system " and " automatically installing said 
selected application in said selected compartment fof the trusted operating system] in 
response to said association of said selected application with said selected 
compartment" (emphasis added). As discussed above in connection with independent 
Claims 1,12 and 17, Franco does not disclose or even suggest any type of controlled 
and/or isolated communications rising to the level of a "trusted operating system" as 
recited by Claim 22. Further, as discussed above in connection with independent 
Claims 1,12 and 17, Franco does not disclose or even suggest a " compartment " of a 
"trusted operating system" or "automatically installing [a] selected application in [the] 
selected compartment " in response to "associating] [the] application with [the] 
compartment" as recited by Claim 22 (emphasis added). To the contrary, the mere 
recitation in Franco referred to by the Examiner of an "operating environment" and 
"operating system software" on the client of Franco, without more, does not rise to 
the level of a "trusted operating system" or a "compartment" of a trusted operating 
system as recited by Claim 22. Nor does the mere recitation in Franco referred to by 
the Examiner of an "operating environment" and "operating system software" on the 
client of Franco rise to the level of "automatically installing [a] selected application 
in [the] selected compartment [of a trusted operating system ]" as recited by Claim 22 
(emphasis added). Accordingly, for at least this reason, Applicants respectfully 
submit that independent Claim 22, and Claims 23 and 24 that depend therefrom, are 
not anticipated by Franco. 

C. 35 U.S.C. § 103 Rejections 
1. Claims 4,5,8. 20 and 25 

Claims 4, 5, 20 and 25 were rejected under 35 U.S.C. § 103(a) as being 
unpatentable over Franco in view of Bear den. Claim 8 was rejected under 35 U.S.C. 
§ 103(a) as being unpatentable over Franco in view of Andersen. 

Claims 4, 5, 8, 20 and 25 depend respectively from independent Claims 1,17 
and 22. As discussed above, independent Claims 1,17 and 22 are allowable over the 
cited Franco reference. For example, Franco does not disclose or even suggest any 
type of controlled and/or isolated communications rising to the level of a "trusted 
operating system" as recited by respective independent Claims 1,17 and 22. Further, 
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Franco does not disclose or even suggest: 1) a "compartment" of a trusted operating 
system; 2) "a graphical representation of a compartment" of a trusted operating 
system; or 3) "automatically installing [a] selected application in [the] selected 
compartment" in response to dropping and/or otherwise associating the selected 
application with the compartment as recited by respective independent Claims 1, 17 
and 22. Moreover, neither Bearden nor Andersen, alone or in the combinations 
referred to by the Examiner in the Final Office Action, remedy the deficiencies of 
Franco. Therefore, Applicants respectfully submit that Claims 4, 5, 8, 20 and 25 are 
also in condition for allowance. 
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CONCLUSION 



Applicants have demonstrated that the present invention as claimed is clearly 
distinguishable over the art cited of record. Therefore, Applicants respectfully request 
the Board of Patent Appeals and Interferences to reverse the final rejection of the 
Examiner and instruct the Examiner to issue a notice of allowance of all claims. 

The Commissioner is authorized to charge the statutory fee of $500.00 to 
Deposit Account No. 08-2025 of Hewlett-Packard Company. Although no other fee 
is believed due, the Commissioner is hereby authorized to charge any fees or credit 
any overpayments to Deposit Account No. 08-2025 of Hewlett-Packard Company. 



Date: September 28, 2005 

Correspondence To: 

L. Joy Griebenow 
Hewlett-Packard Company 
Intellectual Property Administration 
P.O. Box 272400 

Fort Collins, Colorado 80527-2400 
Tel. (970) 898-3884 



Respectfully submitted, 




Registration No. 43,486 
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CLAIMS APPENDIX 

1. A method for installing an application in a trusted operating system, 
comprising: 

enabling selection of an application from one or more applications; 

enabling dragging of a graphical representation of said selected application 
towards a graphical representation of a compartment of said trusted operating system; 

enabling dropping of said graphical representation of said application on said 
graphical representation of said compartment; and 

automatically installing said selected application in said selected compartment 
in response to said dropping of said graphical representation of said selected 
application. 

2. The method of claim 1, further comprising: 

automatically determining one or more supporting resources associated with 
said selected application; 

automatically retrieving said supporting resources; and 

automatically installing said supporting resources within said selected 
compartment. 

3. The method of claim 1, further comprising: 

automatically determining access controls for one or more files associated 
with said selected application; and 

automatically setting said determined access controls for said one or more 

files. 

4. The method of claim 3, further comprising displaying said access 
controls along with the files with which said access controls are associated. 

5. The method of claim 3, further comprising modifying said access 
controls in response to a user input. 

6. The method of claim 2, wherein said automatically determining one or 
more supporting resources comprises automatically selecting one or more library 
files. 
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7. The method of claim 2, wherein said automatically determining one or 
more supporting resources comprises automatically selecting one or more 
configuration files. 

8. The method of claim 2, wherein said automatically determining one or 
more supporting resources comprises querying an executable file of said selected 
application to automatically determine said one or more supporting resources 
associated with said application. 

9. The method of claim 3, wherein said automatically determining access 
controls comprises automatically determining access controls for at least one of said 
files based at least in part on the type of the file. 

10. The method of claim 3, wherein said automatically determining access 
controls comprises automatically determining access controls for at least one of said 
files based at least in part on the location of the file. 

11. The method of claim 1, wherein said enabling dropping of said 
graphical representation of said application on said graphical representation of said 
compartment comprises enabling dropping of said graphical representation of said 
application in close proximity to said graphical representation of said compartment. 

12. A method for installing an application in a compartment-based trusted 
operating system, comprising: 

displaying a graphical representation of a plurality of compartments of said 
trusted operating system; 

enabling dragging of a graphical representation of said application towards a 
graphical representation of a compartment of said plurality of compartments; 

enabling dropping of said graphical representation of said application on said 
graphical representation of said compartment; and 

automatically installing said application in said selected compartment in 
response to said dropping of said graphical representation of said compartment. 
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13. The method of claim 12, further comprising: 

automatically determining one or more supporting resources associated with 
said application; 

automatically retrieving said supporting resources; and 

automatically installing said supporting resources within said selected 
compartment. 

14. The method of claim 12, further comprising: 

automatically determining access controls for one or more files associated 
with said selected application; and 

automatically setting said determined access controls for said one or more 

files. 

15. The method of claim 14, further comprising assigning a compartment 
label unique to said compartment to each of said supporting resources. 

16. The method of claim 12, wherein said enabling dropping of said 
graphical representation of said application on said graphical representation of said 
compartment comprises enabling dropping of said graphical representation of said 
application in close proximity to said graphical representation of said compartment. 

17. A graphical software installation tool for installing an application in a 
trusted operating system, comprising: 

a graphical user interface, comprising: 

a display portion displaying at least one compartment of said trusted 
operating system; and 

an application portion comprising a graphical representation of at least 
one application, said graphical representation of said at least one application operable 
to be dragged from said application portion to said display portion, wherein dropping 
of said graphical representation of said at least one application on a graphical 
representation of said at least one compartment causes automatic installation of said 
application in said compartment. 
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18. The graphical software installation tool of claim 17, further 
comprising: 

means for automatically determining one or more supporting resources 

associated with said at least one application; 

means for automatically retrieving said supporting resources; and 

means for automatically installing said supporting resources within said at 

least one compartment. 

19. The graphical software installation tool of claim 17, further 
comprising: 

means for automatically determining access controls for one or more files 
associated with said at least one application; and 

means for automatically setting said determined access controls for said one or 
more files. 

20. The graphical software installation tool of claim 19, further 
comprising: 

means for displaying said access controls along with the files with which said 
access controls are associated; and 

means for modifying said access controls in response to a user input. 

21. The graphical software installation tool of claim 19, wherein said 
means for automatically determining access controls comprises: 

means for automatically determining access controls for at least one of said 
files based at least in part on the type of the file; and 

means for automatically determining access controls for at least another one of 
said files based at least in part on the location of the file. 

22. A method for installing an application in a trusted operating system, 
comprising: 

enabling selection of an application from one or more applications; 
enabling association of said selected application with a compartment of the 
trusted operating system; and 
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automatically installing said selected application in said selected compartment 
in response to said association of said selected application with said selected 
compartment. 

23. The method of claim 22, wherein said enabling association of said 
selected application comprises: 

enabling dragging of a graphical representation of said selected application 
towards a graphical representation of said selected compartment; and 

enabling dropping of said graphical representation of said selected application 
on said graphical representation of said selected compartment. 

24. The method of claim 23, wherein said enabling dropping of said 
graphical representation of said selected application on said graphical representation 
of said selected compartment comprises enabling dropping of said graphical 
representation of said selected application in close proximity to said graphical 
representation of said selected compartment. 

25. The method of claim 22, further comprising: 

automatically determining access controls for one or more files associated 
with said selected application; 

automatically setting said determined access controls for said one or more 

files; 

displaying said access controls along with the files with which said access 
controls are associated; and 

modifying said access controls in response to a user input. 
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EVIDENCE APPENDIX 

None 
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RELATED PROCEEDINGS APPENDIX 

None 
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